c3ad8f1af36390f865f58e8680c74bdfdb20c731608b93e7294613b67e2ae216

Sharing

Copy URL

Twitter E-mail

General

Target

c3ad8f1af36390f865f58e8680c74bdfdb20c731608b93e7294613b67e2ae216
Size

411KB
MD5

ce9d4dc3140248a8ed7d3c6247de1b30
SHA1

abc3d611870aadbff34fc89c6efa1dea38b4da4c
SHA256

c3ad8f1af36390f865f58e8680c74bdfdb20c731608b93e7294613b67e2ae216
SHA512

942b8d07f14a91fe14ca0bbb1b096765508da2cb8fce8f05f381df3b42cf15d34d4fc70c06cea5cf05e5b456e2775ec5b7960e0e79cbe9f1488028ee46b72e4e
SSDEEP

12288:BSEU/3Oq+WxPpyzHC/FeyDIBJ+Ib6J96B2YdX7PE:B0EBJ4JcvdX4

Score

N/A

Malware Config

Signatures

Files

c3ad8f1af36390f865f58e8680c74bdfdb20c731608b93e7294613b67e2ae216
.dll regsvr32 windows x86

9326d0c820a8086ea19a2477acefc1a3

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03-07-2008 00:00

Not After

03-07-2009 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Research,O=Zhuhai Kingsoft Software Co.\,Ltd,L=ZHUHAI,ST=GUANGDONG,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

74:1c:e2:11:0d:10:a7:06:71:61:64:7a:cd:e2:18:16:af:42:84:b9
Signer

Actual PE Digest

74:1c:e2:11:0d:10:a7:06:71:61:64:7a:cd:e2:18:16:af:42:84:b9

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Research,O=Zhuhai Kingsoft Software Co.\,Ltd,L=ZHUHAI,ST=GUANGDONG,C=CN

24-11-2022 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
GetModuleFileNameW
GetModuleHandleW
WideCharToMultiByte
SetThreadLocale
GetThreadLocale
SetLastError
SetEnvironmentVariableA
CompareStringW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
LoadLibraryExW
lstrlenW
CompareStringA
GetTimeZoneInformation
CreateFileA
ReadFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
Sleep
SetStdHandle
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
CloseHandle
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetCPInfo
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
lstrlenA
LocalFree
HeapAlloc
HeapFree
SetEndOfFile
GetProcessHeap
DeleteFileA
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
GetCurrentThreadId
GetCommandLineA
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetFileAttributesA

user32

CharNextW
UnregisterClassA

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

shell32

SHGetFolderPathW

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
OleRun
CoTaskMemAlloc

oleaut32

GetErrorInfo
VariantClear
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringByteLen
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
LoadRegTypeLi
SysAllocStringLen
SafeArrayCopy
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
VarUI4FromStr
SysStringByteLen

rpcrt4

NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrDllGetClassObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 844B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9326d0c820a8086ea19a2477acefc1a3

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6bCertificate

Extended Key Usages

Key Usages

74:1c:e2:11:0d:10:a7:06:71:61:64:7a:cd:e2:18:16:af:42:84:b9Signer

Signature Validations

Verification

24-11-2022 14:54 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

rpcrt4

Exports

Exports

Sections

.text Size: 292KB - Virtual size: 290KB

.orpc Size: 4KB - Virtual size: 844B

.rdata Size: 48KB - Virtual size: 46KB

.data Size: 28KB - Virtual size: 37KB

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 20KB - Virtual size: 19KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6b
Certificate

74:1c:e2:11:0d:10:a7:06:71:61:64:7a:cd:e2:18:16:af:42:84:b9
Signer

24-11-2022 14:54
Valid: false

.text
Size: 292KB - Virtual size: 290KB

.orpc
Size: 4KB - Virtual size: 844B

.rdata
Size: 48KB - Virtual size: 46KB

.data
Size: 28KB - Virtual size: 37KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 20KB - Virtual size: 19KB